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DETAILED ACTION 

1 . Claims 1 -1 7 and 1 9-27 remain for examination. The amendment filed 1 2/2/09 
amended claims 1, 21, and 27. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-27 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1 -1 6 and 1 9-27 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over"P-Synch Installation and Configuration Guide" (hereinafter, "P- 
Synch") in view of Wong (U.S. Patent Application Publication 2005/0102534) in view of 
Eitel (U.S. Patent 7,043,521). 

Regarding claims 1, 21, and 27: 

P-Synch discloses a method, apparatus, and article of manufacture for 
evaluating a password proposed by a user, comprising: receiving a proposed password 
from a user (page 4, "3. Users select a new password..."); and rejecting the proposed 
password based on a rule for the selection of passwords (page 4, "4. P-Synch checks 
the new password..."; cf. pages 124-126 for sample rules). 
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P-Synch does not explicitly disclose performing an Internet search using a query 
containing one or more keywords derived from said proposed password, and rejecting 
the password based on the results returned by said search engine. However, it is 
observed that P-synch, while already possessing a defined set of rules to measure a 
proposed password's strength, can nevertheless be extended by allowing an admin to 
add new rules via a plug-in (page 127, section 10.19.1 "Adding new rules with a plug-in 
program"). In that vein, Wong discloses a related security auditing tool including inter 
alia functionality to test passwords according to various security criteria, said 
functionality in turn including inter alia querying one or more Internet search engines to 
determine if a password can be correlated to a user according to any number of criteria 
(paragraphs 01 08-01 1 0 and 01 27). It would have been obvious to one of ordinary skill 
in the art to develop a plug-in for P-Synch that implements the above functionality 
disclosed by Wong's automated password cracker to determine if a proposed new 
password can be correlated to a user, as the technique is clearly within the capabilities 
of one of ordinary skill in the art. 

Although Wong discloses wherein his search-engine-employing password 
searcher may be recursively iterated to continue churning up multiple hits that could 
inadvertently reveal a user's password (paragraph 0110), it is unclear if this step is 
taken only when the previous queries failed to find the password or whether the system 
is trying to confirm that it has found one's password by finding multiple pages containing 
it. Nevertheless, Eitel discloses a related technique to be employed during a search for 
arbitrary information on the Internet wherein the search will fail if, for example, the 
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search comprised too few hits to satisfy a pre-established threshold (col. 6, line 46 - col. 
7, line 3). It would have been obvious to one of ordinary skill in the art to set a minimum 
threshold for search hits for determining if the Wong plug-in has found one's password, 
as the technique is clearly within the capabilities of one of ordinary skill in the art, and 
one would have had a good reason to pursue the known options within one's grasp. If 
setting a minimum threshold for search hits would lead to anticipated success, it would 
be the product not of innovation but of ordinary skill and common sense. 

Regarding claims 2, 3, and 22: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether that said proposed password can be [qualitatively: the password is the 
username; quantitatively: the password is similar to the username] correlated with said 
user (page 126, as indicated). 

Regarding claims 4, 6, 23, and 24: 

P-Synch in view of Wong further discloses wherein said proposed password is 
comprised of a proposed answer and a proposed hint (P-Synch: the user Q&A profiles 
on pages 83 and 199-200), and wherein the proposed answer can be correlated 
with/obtained from the proposed hint in a particular relation (Wong: pars. 0108-01 10). 
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Regarding claim 5: 

P-Synch further discloses wherein said particular relation is selected from the 
group consisting essentially of self, family member, co-author, teammate, colleague, 
neighbor, community member, or household member (pages 83, 199, & 200). 

Regarding claims 7 and 25: 

P-Synch further discloses wherein said proposed password is an identifying 
number (e.g. PIN number, e.g. page 6, "2.2.2 Authentication Systems"). 

Regarding claims 8 and 26: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies a person in a particular relationship to the user (P- 
Synch: "Family member phone number that is not your own", pages 83 and 200; Wong: 
paragraph 0109). 

Regarding claim 9: 

P-Synch further discloses wherein said one or more pre-defined correlation rules 
evaluate whether said identifying number is a top N most commonly used identifying 
number (in the embodiment where the password is a PIN, the password history rules on 
pages 126 and 127). 



Application/Control Number: 1 0/81 5,1 91 Page 6 

Art Unit: 2435 

Regarding claim 10: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 

the identifying number identifies a top N commercial entity (P-Synch: "radio station dial 

number" at pages 83 and 200; Wong: paragraph 0109). 

Regarding claim 11: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies the user (P-Synch: "Your SSN", Ibid; Wong: Ibid). 

Regarding claims 12-14: 

P-Synch further discloses wherein said identifying number is a portion of a 
telephone number, address, or social security number (pages 83 and 200). 

Regarding claim 15: 

P-Synch further discloses wherein said proposed password is a word (page 125, 
the dictionary rules). 

Regarding claim 16: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether a correlation between said word and said user exceeds a predefined 
threshold (e.g. the last two rules on page 125). 
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Regarding claim 19: 

P-Synch further discloses wherein said step of ensuring a correlation further 

comprises the step of performing a local proximity evaluation (e.g. the last two rules on 

page 125, and the variants of the username on page 126). 

Regarding claim 20: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a number classification (the digits rules: page 125). 

5. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over P-Synch 
in view of Wong in view of Eitel as applied to claim 1 above, and further in view of 
"About Metacrawler" (hereinafter, "Metacrawler"). 

Regarding claim 17: 

Although Wong suggests searching a plurality of search engines (paragraph 
0108), the references do not explicitly disclose using a meta-search engine. However, 
Metacrawler discloses a single meta-search engine capable of searching a plurality of 
search engines (Metacrawler, entire article, but particularly the first paragraph). It would 
have been obvious to one of ordinary skill in the art to substitute Metacrawler for the 
generic search engine(s) employed by the Wong invention/plug-in, as doing so would 
lead to better results obtained significantly faster than by searching each engine 
separately (Metacrawler, "Better Search, Faster Results"). 
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Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

• U.S. Patent 7,062,655 to Nelson et al. 

• U.S. Patent Application Publication 2004/0107406 to Fallman 

• U.S. Patent Application Publication 2004/0078603 to Ogura et al. 

• U.S. Patent Application Publication 2004/0044657 to Lee 

• U.S. Patent Application Publication 2003/0088554 to Ryan et al. 

• U.S. Patent Application Publication 2002/0055919 to Mikheev 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TAG 

3/9/10 

/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



